DNS Records You Need for Your Email Server
March 13, 2023 | By David Selden-Treiman | Filed in: DNS, hosting.
In order to set up an authoritative email server, you’ll need to set up the following DNS records: MX, SPF, DKIM, DMARC, and PTR records.
In this article, you will learn about the important DNS records that you need to configure for your email server.
DNS records are crucial in ensuring that your email server is able to send and receive emails properly. Without the correct DNS records, your emails may end up in spam folders, get rejected by recipient servers, or fail to be delivered altogether.
In this article, you will find a detailed explanation of the most important DNS records that you need to set up for your email server, including MX, SPF, DKIM, DMARC, and PTR records.
By the end of this article, you will have a clear understanding of what each of these records does, how they work, and how to configure them correctly for your email server.
MX Records are one of the most important DNS records for your email server to ensure deliverability. These are used to tell other email servers where to send emails for your domain.
When someone sends an email to your email address, their email server will look up the MX Records for your domain to find out where to deliver the email. Think of the MX record as the address of your mail server.
For example, let’s say you have an email address, email@example.com. When someone sends an email to email@example.com, their email server will look up the MX Records for the domain “example.com” to find out where to send the email.
An example of an MX Record for the domain “example.com” might look like this:
example.com. IN MX 10 mail.example.com.
This record tells other email servers that any email sent to an address ending in “@example.com” should be delivered to the server “mail.example.com”. The “10” in this record represents the priority of the MX record; sending servers try the record with the lowest number first. In this example, “mail.example.com” is the primary mail server for the domain, and any backup servers would have a higher number, such as “20” or “30”.
It’s important to correctly configure your MX Records to ensure that your emails are delivered reliably. If you don’t set up the MX records correctly, the emails won’t be delivered to the correct server, and you will never receive them.
If you’re unsure about how to set up your MX Records, you can consult with your domain registrar or web hosting provider for assistance.
SPF Records are another important DNS record for your email server’s deliverability and security.
SPF stands for Sender Policy Framework. This record is used to specify which email servers (specifically IP addresses or other DNS records pointing to IP addresses) are authorized to send email on behalf of your domain.
When an email is received by a server, the SPF record is checked to verify that the email was sent from an authorized server, basically as a security check. This helps to prevent spam and phishing attacks, as it makes it harder for attackers to spoof your email domain.
An example of an SPF record for the domain “example.com” might look like this:
example.com. IN TXT "v=spf1 include:_spf.google.com ~all"
This record tells recipient servers that only email servers that are listed in the SPF record published at “_spf.google.com” are authorized to send email on behalf of “example.com”.
The “~all” at the end of the record indicates that any email that does not come from an authorized server should be marked as “soft fail”, meaning it will not be automatically rejected but may be subject to additional scrutiny.
It’s important to note that SPF Records only authorize email servers to send email on behalf of your domain. They do not actually prevent spoofing or guarantee delivery. To further enhance your email security, you should also configure DKIM and DMARC Records (see below).
When setting up SPF Records, it’s important to follow best practices to ensure that your emails are not marked as spam or rejected.
For example, you should only include authorized email servers in your SPF record, and not end it with a bare “all” or “+all” (a missing qualifier defaults to “+”, a pass), which authorizes all email servers. You should also regularly check your SPF record to ensure that it is up-to-date and accurate.
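A small linter for the points above (the qualifier on “all”, soft fail versus hard fail), added here as an example and not part of the original article. It also checks two RFC 7208 rules the article does not cover, one SPF record per domain and at most 10 DNS-lookup terms; the sample records other than the article's own are constructed.

```python
import re

# Terms that each cost one DNS lookup; RFC 7208 caps the total at 10 per check.
# Only this record's own terms are counted; nested includes add more in practice.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed sample TXT record sets (the first is the record shown above).
SAMPLES = {
    "softfail": ["v=spf1 include:_spf.google.com ~all"],
    "hardfail": ["v=spf1 include:_spf.google.com -all"],
    "open": ["v=spf1 include:_spf.google.com all"],
    "duplicate": ["v=spf1 mx -all", "v=spf1 include:_spf.google.com -all"],
}


def lint_spf(txt_records):
    """Return a list of findings for the TXT records published at one domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers return a permanent error"]
    findings, lookups, has_all = [], 0, False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # "+" (pass) is the default
        name = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        lookups += 1 if name in LOOKUP_TERMS else 0
        if name == "all":
            has_all = True
            if qualifier == "+":
                findings.append("'all' with a pass qualifier authorizes every server")
            elif qualifier == "~":
                findings.append("'~all' is softfail: unlisted servers are not rejected")
            elif qualifier == "?":
                findings.append("'?all' is neutral: no policy for unlisted servers")
    if not has_all and "redirect=" not in spf[0].lower():
        findings.append("no 'all' term: unlisted servers evaluate as neutral")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return findings


if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, "->", lint_spf(records) or "no findings")
```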
DKIM (DomainKeys Identified Mail) records are used to digitally sign outgoing email messages from your domain. When an email is received by a recipient server, the DKIM signature is checked to verify that the email was not tampered with during transit.
Basically, it’s a cryptographic signature scheme to verify that your server is actually the one that sent the email, and not an imposter (spammer, scammer, or someone else).
An example of a DKIM record for the domain “example.com” might look like:
default._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIG…"
This record contains a public key that is used to verify the DKIM signature on outgoing emails from the domain “example.com”.
- The “default._domainkey” subdomain identifies the DKIM record for the domain: “default” is the selector name chosen for this key, and “_domainkey” is the fixed label that DKIM uses.
- The “v=DKIM1” parameter indicates that this is a DKIM version 1 record.
- The “k=rsa” parameter specifies the key type (RSA) of the public key.
DKIM Records can help to improve the deliverability of your emails and reduce the likelihood that they will be marked as spam or rejected.
It’s important to correctly configure DKIM Records and ensure that the private key used to sign outgoing emails is kept secure. Additionally, DKIM Records should be regularly checked to ensure that they are up-to-date and accurate.
DMARC Records are another important DNS record for your email server, working in conjunction with the other records. DMARC (Domain-based Message Authentication, Reporting, and Conformance) is used to specify how email servers receiving emails should handle messages that fail SPF or DKIM authentication checks.
Basically, they advise the server what to do when it gets invalid emails.
An example of a DMARC record for the domain “example.com” might look like this:
_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:firstname.lastname@example.org"
This record tells recipient servers that any email messages that fail SPF or DKIM checks should be rejected (the “p=” portion).
Additionally, the “rua” parameter specifies an email address where DMARC reports should be sent for analysis.
DMARC Records can help to improve the security of your email and reduce the likelihood that your domain will be used for phishing or spoofing attacks. They tend to give a good heads-up that someone is using your domain for sending spam, and allow you to make any notifications to your customers that may be necessary.
It’s important to note that DMARC requires both SPF and DKIM to be properly configured in order to function effectively. Make sure you have both.
In summary, properly configuring DMARC Records can help to enhance the security and deliverability of your email messages. By setting appropriate policies and regularly monitoring your DMARC reports, you can help to protect your domain from being used by spammers and scammers.
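How a receiver turns the record above into a decision, added here as an example and not part of the original article. Under RFC 7489 a message passes DMARC when at least one of SPF or DKIM passes for a domain aligned with the From: domain; the `org_domain` shortcut, the function names and the second record are assumptions, and the `sp=` and `pct=` tags are left out.

```python
# The record shown above, plus a constructed variant with strict DKIM alignment.
PAGE_RECORD = "v=DMARC1; p=reject; rua=mailto:firstname.lastname@example.org"
STRICT_RECORD = "v=DMARC1; p=quarantine; adkim=s"


def parse_dmarc(txt):
    """Split a DMARC TXT record into tags; v=DMARC1 must come first, p is required."""
    pairs = [part.split("=", 1) for part in txt.split(";") if "=" in part]
    tags = {key.strip().lower(): value.strip() for key, value in pairs}
    if not pairs or pairs[0][0].strip().lower() != "v" or tags["v"] != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags


def org_domain(domain):
    # Assumption: last two labels. Real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """'s' (strict) needs an exact match; 'r' (relaxed) the same organizational domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def dmarc_disposition(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated domain) pairs from the receiver's checks."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"   # one aligned pass is enough
    return tags["p"]       # none (report only), quarantine or reject


if __name__ == "__main__":
    # Constructed results: SPF passed, but only for an unrelated envelope domain.
    print(dmarc_disposition(PAGE_RECORD, "example.com",
                            ("pass", "bulk-sender.test"), ("fail", "example.com")))
    # Constructed results: forwarding broke SPF, the DKIM signature still verifies.
    print(dmarc_disposition(PAGE_RECORD, "example.com",
                            ("fail", "example.com"), ("pass", "mail.example.com")))
```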
PTR Records, also known as reverse DNS records, are used to map an IP address to a domain name.
Many recipient servers will check the PTR record of the IP address that an email is coming from to verify that the email is coming from a legitimate server and not a spammer. It’s an additional check that works alongside your MX and A records to tell mail servers that your server is the right one.
An example of a PTR record for the IP address 192.0.2.1 might look like this:
1.2.0.192.in-addr.arpa. IN PTR mail.example.com.
This tells recipient servers that the IP address 192.0.2.1 is associated with the domain name “mail.example.com”. When an email is received from this IP address, some recipient servers will perform a reverse DNS lookup on the IP address to verify that it matches the domain name in the PTR record.
Often, to configure your PTR record on a virtual private server, you’ll want to set the hostname of your VPS to the (sub)domain you’re using for your mail server. This isn’t always how it works though, so make sure you check with your hosting provider.
To properly configure PTR Records for your email server, you need to ensure that the IP address of your mail server matches the domain name in your PTR record.
It’s important to note that PTR Records are not always required. They are favored by some email servers and mail providers simply because setting one up requires a dedicated IP address. This helps to verify that you’re not a fly-by-night scammer or something like that. Not everyone uses them though.
In summary, correctly configuring PTR Records can help to improve the reputation of your email server and enhance the deliverability of your email messages. By ensuring that your PTR record matches the domain name of your mail server, you can help to reduce the likelihood that your emails will be marked as spam or rejected.
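The matching check described above, written as a forward-confirmed reverse DNS test (PTR lookup, then a forward lookup of the returned name). This is an added example, not part of the original article; it goes slightly beyond the text by also handling IPv6, and the zone data and `zone_lookup` stub are constructed so it runs offline.

```python
import ipaddress

# Constructed records standing in for live DNS answers, keyed by (name, type).
ZONE = {
    ("1.2.0.192.in-addr.arpa.", "PTR"): ["mail.example.com."],
    ("mail.example.com.", "A"): ["192.0.2.1"],
    # A PTR exists for a second address, but the forward A record points elsewhere.
    ("2.2.0.192.in-addr.arpa.", "PTR"): ["mail2.example.com."],
    ("mail2.example.com.", "A"): ["192.0.2.99"],
}


def zone_lookup(name, rtype):
    """Hypothetical resolver stub: returns the constructed answers, or []."""
    return ZONE.get((name.lower(), rtype), [])


def reverse_name(ip):
    """Name under in-addr.arpa (or ip6.arpa) where the PTR record for ip lives."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_fcrdns(ip, lookup=zone_lookup):
    """Return (status, name): PTR(ip) gives a name whose A/AAAA must include ip."""
    addr = ipaddress.ip_address(ip)
    names = lookup(reverse_name(ip), "PTR")
    if not names:
        return ("no-ptr", None)
    rtype = "A" if addr.version == 4 else "AAAA"
    for name in names:
        if any(ipaddress.ip_address(a) == addr for a in lookup(name, rtype)):
            return ("confirmed", name)
    return ("mismatch", names[0])


if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3"):
        print(ip, reverse_name(ip), check_fcrdns(ip))
```

To run it against live DNS, pass a `lookup` callable backed by your resolver library in place of the stub.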
Best Practices for DNS & Mail Servers
Check Your DNS Records Periodically
You’re going to want to make sure you check your DNS records periodically. Records can be updated by someone, or you might forget that you made a change. Regularly checking on your records can really help if you have a mail server management team.
There are many free tools available online that can check your DNS records and alert you to any issues or inconsistencies. Some of these tools can even provide recommendations on how to improve your DNS record configuration.
Be Careful When Restricting Email
You’ll also want to carefully consider the policies that you set for SPF, DKIM, and DMARC Records. Setting overly strict policies can result in legitimate emails being marked as spam or rejected, while setting overly permissive policies can leave your domain vulnerable to phishing or spoofing attacks.
Ensure Proper Configuration
Additionally, you should ensure that all of your DNS records are properly configured and that there are no conflicting or duplicate records. This can be particularly important if you are migrating your email server or changing your domain name.
Mistakes can happen. It’s especially easy to overlook small changes with DNS since there can be a long delay between a record changing and you noticing the effects.
Finally, it’s important to ensure that all of your DNS records are kept secure and that only authorized personnel have access to them. This can help to prevent unauthorized changes or modifications to your DNS records that could potentially disrupt your email service.
Understanding and correctly configuring the DNS records for your email server is crucial for ensuring the proper delivery of your emails. By configuring the MX, SPF, DKIM, DMARC, and PTR records correctly, you can help to prevent your emails from being marked as spam, rejected, or lost in transit.
It’s important to keep in mind that DNS record configuration is not a one-time task, but an ongoing process that requires regular checking and updating. Changes to your email server configuration or domain name can also affect your DNS records and should be taken into consideration when updating your records.
By following the best practices outlined in this article and regularly monitoring your DNS records, you can help to ensure the reliable delivery of your email messages and protect your domain from security threats.
David Selden-Treiman is Director of Operations and a project manager at Potent Pages. He specializes in custom web crawler development, website optimization, server management, web application development, and custom programming. Working at Potent Pages since 2012 and programming since 2003, David has extensive expertise solving problems using programming for dozens of clients. He also has extensive experience managing and optimizing servers, managing dozens of servers for both Potent Pages and other clients.